{"api_version":"1","generated_at":"2026-05-10T18:57:32+00:00","cve":"CVE-2018-19439","urls":{"html":"https://cve.report/CVE-2018-19439","api":"https://cve.report/api/cve/CVE-2018-19439.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-19439","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-19439"},"summary":{"title":"CVE-2018-19439","description":"XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-12-13 19:29:00","updated_at":"2019-01-07 16:37:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/106006","name":"106006","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"Oracle Secure Global Desktop CVE-2018-19439 Multiple Cross Site Scripting Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://seclists.org/fulldisclosure/2018/Nov/58","name":"20181123 CVE-2018-19439 - Cross Site Scripting in Oracle Secure Global Desktop Administration Console - 4.4; Build: 20080807152602","refsource":"FULLDISC","tags":["Exploit","Mailing List","Third Party Advisory"],"title":"Full Disclosure: CVE-2018-19439 - Cross Site Scripting in Oracle Secure Global Desktop Administration Console - 4.4; Build: 20080807152602","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html","name":"http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html","refsource":"MISC","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Oracle Secure Global Desktop Administration Console 4.4 Cross Site Scripting ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-19439","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-19439","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"19439","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"secure_global_desktop","cpe6":"4.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"19439","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"oracle","cpe5":"secure_global_desktop","cpe6":"4.4","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-19439","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/150444/Oracle-Secure-Global-Desktop-Administration-Console-4.4-Cross-Site-Scripting.html"},{"name":"106006","refsource":"BID","url":"http://www.securityfocus.com/bid/106006"},{"name":"20181123 CVE-2018-19439 - Cross Site Scripting in Oracle Secure Global Desktop Administration Console - 4.4; Build: 20080807152602","refsource":"FULLDISC","url":"http://seclists.org/fulldisclosure/2018/Nov/58"}]}},"nvd":{"publishedDate":"2018-12-13 19:29:00","lastModifiedDate":"2019-01-07 16:37:00","problem_types":["CWE-79"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":2.7},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:oracle:secure_global_desktop:4.4:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"19439","Ordinal":"136520","Title":"CVE-2018-19439","CVE":"CVE-2018-19439","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"19439","Ordinal":"1","NoteData":"XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). helpwindow.jsp has reflected XSS via all parameters, as demonstrated by the sgdadmin/faces/com_sun_web_ui/help/helpwindow.jsp windowTitle parameter.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"19439","Ordinal":"2","NoteData":"2018-12-13","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"19439","Ordinal":"3","NoteData":"2018-12-13","Type":"Other","Title":"Modified"}]}}}